From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ying-Tsun Huang <ying-tsun.huang@amd.com>,
Borislav Petkov <bp@suse.de>
Subject: [PATCH 4.9 45/45] x86/mtrr: Correct the range check before performing MTRR type lookups
Date: Mon, 11 Jan 2021 14:01:23 +0100 [thread overview]
Message-ID: <20210111130035.804259149@linuxfoundation.org> (raw)
In-Reply-To: <20210111130033.676306636@linuxfoundation.org>
From: Ying-Tsun Huang <ying-tsun.huang@amd.com>
commit cb7f4a8b1fb426a175d1708f05581939c61329d4 upstream.
In mtrr_type_lookup(), if the input memory address region is not in the
MTRR, over 4GB, and not over the top of memory, a write-back attribute
is returned. These condition checks are for ensuring the input memory
address region is actually mapped to the physical memory.
However, if the end address is just aligned with the top of memory,
the condition check treats the address is over the top of memory, and
write-back attribute is not returned.
And this hits in a real use case with NVDIMM: the nd_pmem module tries
to map NVDIMMs as cacheable memories when NVDIMMs are connected. If a
NVDIMM is the last of the DIMMs, the performance of this NVDIMM becomes
very low since it is aligned with the top of memory and its memory type
is uncached-minus.
Move the input end address change to inclusive up into
mtrr_type_lookup(), before checking for the top of memory in either
mtrr_type_lookup_{variable,fixed}() helpers.
[ bp: Massage commit message. ]
Fixes: 0cc705f56e40 ("x86/mm/mtrr: Clean up mtrr_type_lookup()")
Signed-off-by: Ying-Tsun Huang <ying-tsun.huang@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20201215070721.4349-1-ying-tsun.huang@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/mtrr/generic.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
@@ -166,9 +166,6 @@ static u8 mtrr_type_lookup_variable(u64
*repeat = 0;
*uniform = 1;
- /* Make end inclusive instead of exclusive */
- end--;
-
prev_match = MTRR_TYPE_INVALID;
for (i = 0; i < num_var_ranges; ++i) {
unsigned short start_state, end_state, inclusive;
@@ -260,6 +257,9 @@ u8 mtrr_type_lookup(u64 start, u64 end,
int repeat;
u64 partial_end;
+ /* Make end inclusive instead of exclusive */
+ end--;
+
if (!mtrr_state_set)
return MTRR_TYPE_INVALID;
next prev parent reply other threads:[~2021-01-11 13:05 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-11 13:00 [PATCH 4.9 00/45] 4.9.251-rc1 review Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 01/45] kbuild: dont hardcode depmod path Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 02/45] workqueue: Kick a worker based on the actual activation of delayed works Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 03/45] lib/genalloc: fix the overflow when size is too big Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 04/45] depmod: handle the case of /sbin/depmod without /sbin in PATH Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 05/45] ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 06/45] atm: idt77252: call pci_disable_device() on error path Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 07/45] net: dcb: Validate netlink message in DCB handler Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 08/45] net/ncsi: Use real net-device for response handler Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 09/45] net: ethernet: Fix memleak in ethoc_probe Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 10/45] ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 11/45] net: hns: fix return value check in __lb_other_process() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 12/45] net: hdlc_ppp: Fix issues when mod_timer is called while timer is running Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 13/45] CDC-NCM: remove "connected" log message Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 14/45] vhost_net: fix ubuf refcount incorrectly when sendmsg fails Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 15/45] net: sched: prevent invalid Scell_log shift count Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 16/45] virtio_net: Fix recursive call to cpus_read_lock() Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 17/45] scripts/gdb: make lx-dmesg command work (reliably) Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 18/45] scripts/gdb: lx-dmesg: cast log_buf to void* for addr fetch Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 19/45] scripts/gdb: lx-dmesg: use explicit encoding=utf8 errors=replace Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 20/45] scripts/gdb: fix lx-version string output Greg Kroah-Hartman
2021-01-11 13:00 ` [PATCH 4.9 21/45] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 22/45] usb: gadget: enable super speed plus Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 23/45] USB: cdc-acm: blacklist another IR Droid device Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 24/45] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 25/45] USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 26/45] usb: uas: Add PNY USB Portable SSD to unusual_uas Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 27/45] USB: serial: iuu_phoenix: fix DMA from stack Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 28/45] USB: serial: option: add LongSung M5710 module support Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 29/45] USB: yurex: fix control-URB timeout handling Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 30/45] USB: usblp: fix DMA to stack Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 31/45] ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 32/45] usb: gadget: select CONFIG_CRC32 Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 33/45] usb: gadget: f_uac2: reset wMaxPacketSize Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 34/45] usb: gadget: function: printer: Fix a memory leak for interface descriptor Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 35/45] USB: gadget: legacy: fix return error code in acm_ms_bind() Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 36/45] usb: gadget: Fix spinlock lockup on usb_function_deactivate Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 37/45] usb: gadget: configfs: Preserve function ordering after bind failure Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 38/45] usb: gadget: configfs: Fix use-after-free issue with udc_name Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 39/45] USB: serial: keyspan_pda: remove unused variable Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 40/45] x86/mm: Fix leak of pmd ptlock Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 41/45] ALSA: hda/conexant: add a new hda codec CX11970 Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 42/45] Revert "device property: Keep secondary firmware node secondary by type" Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 43/45] netfilter: ipset: fix shift-out-of-bounds in htable_bits() Greg Kroah-Hartman
2021-01-11 13:01 ` [PATCH 4.9 44/45] netfilter: xt_RATEEST: reject non-null terminated string from userspace Greg Kroah-Hartman
2021-01-11 13:01 ` Greg Kroah-Hartman [this message]
2021-01-11 21:52 ` [PATCH 4.9 00/45] 4.9.251-rc1 review Guenter Roeck
2021-01-11 23:40 ` Shuah Khan
2021-01-12 8:16 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210111130035.804259149@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ying-tsun.huang@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).